Firefox and Mac security sanctuaries 'under attack'

Symantec has attacked the perceived security advantages of Firefox and Apple Macs by drawing unfavourable comparisons with Microsoft's software and describing Mac fans as living in a "false paradise". According to the latest edition of Symantec's Internet Security Threat Report, 25 vulnerabilities were disclosed for Mozilla browsers and 13 for Microsoft Internet Explorer in the first half of 2005.

Graham Pinkney, head of threat intelligence EMEA at Symantec, said that switching from IE to Firefox as a way of minimising security risks was no longer valid advice. "Cross-site scripting attacks have been used to attack more vulnerabilities in Mozilla browsers over the last six months than IE," Pinkney told an IDC security conference last week ahead of the publication of Symantec's threat report today. John Cheney, chief executive of email filtering firm BlackSpider, replied that the release of Firefox had "helped Microsoft to raise its game" in terms of browser security.

As well as making comments that will doubtless irk Firefox fans, Symantec has renewed its assault of the perceived security advantages of Apple Macs. "Mac users may be operating under a false sense of security as a noteworthy number of vulnerabilities and attacks were detected against Apple Mac’s operating system, OS X," Symantec said, reflecting comments in the previous edition of its threat report that OS X was an emerging target for attack.

"While the number of vendor-confirmed vulnerabilities in OS X has remained relatively constant during the last two reporting periods [12 months], Symantec predicts this could change in the future. Symantec’s analysis on a rootkit (OSX/Weapox) reveals it is designed to take advantage of OS X. This particular trojan demonstrates that as OS X increases in popularity, so too will the scrutiny it receives from potential attackers."

Away from the desktop, Microsoft enterprise applications remain the top hacker target. For the fourth consecutive reporting period, the Microsoft SQL Server Resolution Service Stack Overflow Attack was the most common attack, accounting for 33 per cent of all attacks monitored by Symantec.

Malware authors go modular

Malicious code threats to privacy and confidentiality increased rapidly in the first six months of 2005 - up 48 per cent on the back half of 2004. Virus writers upped their production lines to release 10,866 new Windows virus and worm variants in the first six months of this year, Symantec reports.

For the second period in succession, NetSky-P was the most reported malicious code sample. Gaobot and Spybot - both linked to the creation of zombie networks of compromised Windows PCs - were the second and third most reported.

Malware that exposes confidential user information represented three-quarters (74 per cent) of the top 50 malicious code samples received by Symantec. Seven of the top 50 were linked to the creation of botnets. Websites that specialise in distributing source code and tools for malicious bots and botnets helped fuel the creation of multiple copies of Spybot with 6,361 new variants of the malware created in the first half of 2005, a 48 per cent increase over the 4,288 new variants documented in the second half of 2004.

Instead of releasing a wide range of functions in one program or file, virus writers are beginning to create modular code to avoid detection. Once installed, modular malware first tries to disable antivirus software and firewall protection and then trieas to download other pieces (or modules) of code from compromised computers across the internet.

A patch in time...

Symantec chronicled 1,862 new vulnerabilities during 1H2005 - an average of 10 new flaws a day – 73 per cent of which it categorises as easily exploitable. The time between the disclosure of a vulnerability and the release of an associated exploit was just six days. Half (59 per cent) of vulnerabilities were associated with web application technologies.

Along with computer viruses and vulnerabilities, spam remains a leading security concern. Spam accounted for 61 per cent of all email traffic in the first half of 2005, according to Symantec, with over half (51 per cent) of all junk mail received worldwide originated in the US. ®